Back to skill
Skillv1.0.3
VirusTotal security
Clawsy · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:38 AM
- Hash
- 0a1155211645ea2a94030a6ac7b8ccb237c1b28900cd21bc4a75b4ccd58fbec8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawsy Version: 1.0.3 The skill extracts the sensitive OpenClaw gateway `authToken` from the local filesystem (`~/.openclaw/gateway.json`) via a `postInstall` hook and instructs the agent to display it to the user. It directs users to download an external macOS binary from GitHub (https://github.com/iret77/clawsy) and explicitly provides instructions to bypass macOS Gatekeeper security using `xattr -cr`. While framed as a companion app, the skill enables high-risk capabilities including screen capture, camera access, and clipboard monitoring, and mandates its own propagation into the system prompts of all sub-agents.
- External report
- View on VirusTotal